JDK-5077603 : SSL/TLS configuration options in Java Control Panel
- Type: Enhancement
- Component: deploy
- Sub-Component: deployment_toolkit
- Affected Version: 1.4.2,5.0,6
- Priority: P4
- Status: Resolved
- Resolution: Fixed
- OS: windows_xp
- CPU: x86
- Submitted: 2004-07-23
- Updated: 2004-10-13
- Resolved: 2004-10-13
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| Other | JDK 6 |
|---|---|
| 5.0u5Fixed | 6 b08Fixed  |
Related Reports
|
Duplicate :
|
|
|
Relates :
|
Description
Due to #5023701 (Default handshaking protocols in HTTPS in webstart is problematic), we have set the default SSL handshaking protocols to SSLv3 and SSLv2Hello because some servers may not be able to handle TLS:
//
// Set only if https.protocols is not defined and Config.SEC_TLS_KEY
// is false (default)
//
if (p.get("https.protocols") == null &&
Config.getBooleanProperty(Config.SEC_TLS_KEY) == false) {
p.put("https.protocols", "SSLv3,SSLv2Hello");
}
However, it is quite problematic for users to change the default handshaking protocols without going through the deployment configuration file. Thus, we should add three deployment configuration properties for various types of protocol support in SSL handshaking:
deployment.security.SSLv2 -> Use SSL 2.0 (default: true)
deployment.security.SSLv3 -> Use SSL 3.0 (default: true)
deployment.security.TLSv1 -> Use TLS 1.0 (default: false)
We should set the value of "https.protocols" in Java Plug-in and Java Web Start according to the values of these deployment configuration properties.
We should also add three related options under "Security" in the Advanced tab of Java Control Panel.
###@###.### 2004-07-23
###@###.### 2004-07-23
Comments
|